How C-Suite it is: Executives finally give cybersecurity its due
(Editor’s note: The tenor of discussions at the RSA Conference in San Francisco last month was distinctively different than in years past. In this guest essay, Mike Potts, CEO of network security firm Lancope, relates what he heard.) (Edited for clarity and length.)
By Mike Potts, Special to ThirdCertainty
Another RSA Conference is behind us, and we overheard security professionals speaking their own language, using terms such as “APTs” and “zero-day threats.”
While these sound like jargon, they represent important cybersecurity concepts that have often flown over the collective heads of C-Suite executives—until today. Cybersecurity is finally being recognized as a business discipline that directly affects an organization’s goals, causing the C-Suite to sit up and listen.
The damaging data breaches suffered by high-profile companies such as Target, Sony, Home Depot and JPMorgan Chase helped elevate the issue of cybersecurity. While the mechanics of identifying and remediating attacks may reside with the information technology team, cybersecurity has become a companywide effort that the leadership team must oversee.
With cybersecurity in the spotlight, CEOs need to consider three crucial questions:
- What must be done to provide security administrators with network visibility to manage the internal and external security threats?
- What is the company’s incident response plan?
- What will be done to minimize the damage done by the inevitable attack?
Many Fortune 500 enterprises are forming cybersecurity subcommittees to answer these questions, translating the discussion into business terms that the C-Suite can understand and act on.
The cybersecurity discussion is changing. We’re not talking about if and when we’ll be attacked. We know it’s likely bad guys already are in the network.
To complicate matters, we’re on the leading edge of the Internet of Things. An increasing number of machines, from printers to refrigerators to heart monitors, have a unique IP address and can communicate with one another. This creates cybersecurity vulnerabilities that will affect virtually every industry.
Many companies hit by a breach don’t realize the damage has been done until a third party, such as the Justice Department or a bank, alerts them, a clear signal that the era of Security 1.0, with company budgets devoted to blocking outside threats, is past.
So welcome to Security 2.0. In this world, attackers are increasingly sophisticated and capable of bypassing traditional network perimeter security defenses. The threat of an insider attack is higher—about 51 percent—than that from an outsider, which is why having a real-time view inside a network is critical.
I’m not suggesting that organizations abandon perimeter defenses, but companies and government entities can’t rely on such tools alone to adequately secure networks. Outsiders can break through, and insiders can open the door.
In the era of Security 2.0, the C-Suite is finally giving information security the attention it needs.